Since April, the VA has lost 72 BlackBerrys and 34 laptops, and experienced 441 incidents of patient information sent to the wrong address or otherwise mailed incorrectly, according to figures published in the Monthly Reports to Congress for April through July on the department's Web site.

The VA site also contained quarterly reports of the data breaches. For the second quarter of fiscal 2010, there were 9,746 breach incidents involving notifications to patients, and 2,501 incidents in which credit reporting was required. Credit reporting is used in cases where there is a risk of identity theft.

For the first quarter, there were 1,999 breaches and 3,585 incidents requiring credit reporting.

The data breach reports also track incidents of unencrypted emails being sent containing sensitive patient information and mishandling of data containing sensitive information. In one example, a patient prescription of medication was sent to the wrong address; the packaging contained sensitive information about the patient. In other incident, a patient reported she had received another patient’s appointment information in the mail.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.